PYSEC-2018-51

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/bleach/PYSEC-2018-51.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2018-51
Aliases
Published
2018-03-07T23:29:00Z
Modified
2023-11-01T04:49:36.034014Z
Summary
[none]
Details

An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.

References

Affected packages

PyPI / bleach

Package

Affected ranges

Type
GIT
Repo
https://github.com/mozilla/bleach
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
ECOSYSTEM
Events
Introduced
2.1
Fixed
2.1.3

Affected versions

2.*

2.1
2.1.1
2.1.2